Add validation for loadbalancer port against 6443 and to avoid duplicate names

[KeerthanaAP]

Added validation for loadbalancer port against 6443 as its already used, kubebuilder tag to avoid duplicate ports and validation to avoid duplicate loadbalancer, vpcsubnet names.

Validation output:

The IBMPowerVSCluster "capi-powervs-keerthana" is invalid:
* spec.vpcSubnets[1]: Duplicate value: map[string]interface {}{"Name":"capi-powervs-keerthana-vpcsubnet"}
* spec.loadbalancers[2]: Duplicate value: map[string]interface {}{"Name":"capi-powervs-keerthana-loadbalancer2"}
* spec.loadbalancers[3]: Duplicate value: map[string]interface {}{"Name":"capi-powervs-keerthana-loadbalancer1"}
* spec.loadbalancers[0].additionalListeners[0].port: Invalid value: 6443: value of port should not be equal to APIServerPort (6443)

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1663

Special notes for your reviewer:

/area provider/ibmcloud

1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

Release note:

Add validation for loadbalancer port against 6443 and to avoid duplicate names.

[k8s-ci-robot]

Hi @KeerthanaAP. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud ready!

Name	Link
🔨 Latest commit	643d878
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/665d7583ed04cf00084fddf6
😎 Deploy Preview	https://deploy-preview-1746--kubernetes-sigs-cluster-api-ibmcloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[Karthik-K-N]

/ok-to-test

[KeerthanaAP]

/retest-required

[Prajyot-Parab]

ptal @Karthik-K-N

[Karthik-K-N]

Do mind sharing some reference about this tag usage.

Since its slice and for now we have only Port within it. what should be unique, Is port? in future we add another field name say PortName along with port then what should be unique is it port or port and portName combination?

[KeerthanaAP]

// +kubebuilder:validation:UniqueItems = <bool>
specifies that all items in this list must be unique.

As mentioned it validates the ports. All the ports should be unique. if we add another field like PortName, it will fail only if both the fields (portName and port) are same.

[Karthik-K-N]

Overall LGTM Thanks, Is there any way to improve the error message

spec.vpcSubnets[1]: Duplicate value: map[string]interface {}{"Name":"capi-powervs-keerthana-vpcsubnet"}

to remove map[string]interface {}

[KeerthanaAP]

Overall LGTM Thanks, Is there any way to improve the error message

spec.vpcSubnets[1]: Duplicate value: map[string]interface {}{"Name":"capi-powervs-keerthana-vpcsubnet"}

to remove map[string]interface {}

I followed the same error msg format that we get when we apply the kubebuilder tag ++kubebuilder:validation:UniqueItems=true

Example:
The IBMPowerVSCluster "capi-powervs-keerthana" is invalid: spec.loadBalancers[1].additionalListeners[1]: Duplicate value: map[string]interface {}{"port":6442}

or
we can print it as a string as mentioned below

The IBMPowerVSCluster "capi-powervs-keerthana" is invalid: 
* spec.vpcSubnets[1]: Duplicate value: "{Name: capi-powervs-keerthana-vpcsubnet}"

[Karthik-K-N]

Thanks for clarifying
/lgtm

[KeerthanaAP]

@mkumatag @Prajyot-Parab ptal.

[Prajyot-Parab]

@mkumatag @Prajyot-Parab ptal.

update release notes field please.

[KeerthanaAP]

@mkumatag @Prajyot-Parab ptal.

update release notes field please.

Done. Updated the release notes.

[mkumatag]

what if this port is set Cluster.Spec.ClusterNetwork.APIServerPort ? will this comparison with DefaultAPIServerPort still hold good?

[Karthik-K-N]

No, it won't hold good, if user has set Cluster.Spec.ClusterNetwork.APIServerPort we should make sure that that port is not set here in listner.
We usually find the apiserver port like this

cluster-api-provider-ibmcloud/cloud/scope/powervs_cluster.go

Lines 336 to 342 in 81e93e2

	// APIServerPort returns the APIServerPort to use when creating the ControlPlaneEndpoint.
	func (s *PowerVSClusterScope) APIServerPort() int32 {
	if s.Cluster.Spec.ClusterNetwork != nil && s.Cluster.Spec.ClusterNetwork.APIServerPort != nil {
	return *s.Cluster.Spec.ClusterNetwork.APIServerPort
	}
	return infrav1beta2.DefaultAPIServerPort
	}

[Karthik-K-N]

we dont have access to cluster resource here in webhook, So we need verify this one scenario in controller code only.

[mkumatag]

then adding this check here for the DefaultAPIServerPort may mislead the user, lets drop this change here and introduce in the controller itself

[Karthik-K-N]

I think most of the time the apiserver will be running in 6443 only, so i think we can keep it here and can add a check in controller only if the apiserver port is not 6443.

[KeerthanaAP]

Sure. Will add this as error msg.

[KeerthanaAP]

Modified the error msg.
Updated output:

Conditions:
    Last Transition Time:  2024-05-27T17:01:33Z
    Message:               capi-powervs-keerthana-new-loadbalancer2 port (6443) cannot be used as additional Listener port value, as its already configured by system for default listener
    Reason:                LoadBalancerReconciliationFailed

[Karthik-K-N]

Nice, Lets hear others opinion on as well.

[mkumatag]

how about this one - #1746 (comment)?

[KeerthanaAP]

Looks good. As the error strings should not be capitalized, Can we update it as below.

  Conditions:
    Last Transition Time:  2024-05-29T07:03:15Z
    Message:               port 6443 for the capi-powervs-keerthana-new-loadbalancer2 load balancer cannot be used as an additional listener port, as it is already assigned to the API server
    Reason:                LoadBalancerReconciliationFailed

[mkumatag]

@KeerthanaAP can you make the changes by tomorrow sometime? we are planning to cut a release soon

[mkumatag]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: KeerthanaAP, mkumatag

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mkumatag]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment